The force behind the Fedora Community Outreach Revamp Objective is organizing a hackfest type documentation session for Nest with Fedora. The main goals of the session will be updating/reviewing/pushing new documentation for the various outreach teams to Docs. The co-leads for this effort and myself would like raise awareness and also invite the community to join us at Nest this year. If you are interested in what we are up to or joining us for the session, read on!

Red Hat has announced Red Hat Advanced Cluster Management for Kubernetes 2.3, the latest version of the company’s enterprise-grade Kubernetes management offering.

The integration between Red Hat Ansible Automation Platform and Red Hat Advanced Cluster Management is designed to accelerate the automation and cohesion between cloud-native clusters, virtual machines and traditional infrastructure with streamlined tooling and coordination.

Ansible has made automation simple and it has become the universal automation language. By now, the benefits are well-known in the IT community. Like all good technologies, however, there can be challenges to face or approaches to combine. Consider using comma-separated value (CSV) files and Ansible to create Linux user accounts.

In this article, the goal is to automate user creation using Ansible. A list of users can be passed via an external variable file using vars_files or directly into the playbook using a loop. The problem arises when the list of users to be created is only available in a format like CSV while the Ansible developer is more comfortable using a YAML list. I personally have experienced situations where a user list including passwords is provided in a CSV file with the requirement to create those users on multiple Linux machines using an automation tool such as Ansible.

This article shows you how to create a scanning tool that can search for specific sequences of instructions inside binary files. Such searches are commonly required to verify that a compiled executable meets certain criteria, usually related to security. For example, Intel's Control-Flow Enforcement Technology (CET) extension mandates that all functions start with an ENDBR instruction. Verifying this requires a special tool specifically designed to search for instructions inside the binary.

[...]

Sometimes the exact instructions you are searching for are unknown. Instead, you have to locate an effect or specific behavior. To handle these cases, you can extend the scanner to simulate the target binary file instead of just disassembling it. This process, of course, is much more complex.

The scanner sources include two examples of this kind of advanced scanning, although neither is built by default. You can use the file annocheck/makefile.rop to build them, although you'll have to edit it to provide some necessary information. These scanners use the headers found in the binutils sources as well as the simulator code that is part of the GNU Debugger (GDB) project.

The advanced scanners in the sources both have the same job: Examining binaries to see whether they are vulnerable to exploits via a return-oriented programming (ROP) attack. One scanner examines AArch64 binaries and the other examines x86_64 binaries. Multiple instruction sequences are vulnerable to this kind of attack, so the scanners simulate the execution of instructions and look for characteristics that are of use to an attacker. Since the attacker can, in theory, start execution at any point in the binary, the scanners have to run lots of simulations, looking for any possible vulnerable entry point.

Artificial Intelligence and machine learning have sparked innovations that most of us use daily — from cognitive chatbots to product recommendations in our social media feeds to automated language translations and more. Integrating AI and machine learning technologies with cloud-native environments is an increasingly common scenario, driven by use of microservices and the need to scale rapidly. Developers are faced with the challenge to not only build machine learning applications, but to ensure that they run well in production in cloud-native and hybrid cloud environments.

Today, IBM is announcing a new machine-learning, end-to-end pipeline starter kit to help developers build machine-learning applications and deploy them easily and reliably in a cloud-native environment. The starter kits are part of the IBM Cloud-Native Toolkit, an open source collection of assets that provides an environment for developing cloud-native applications for deployment within Red Hat OpenShift and Kubernetes. Assets created with the Cloud-Native Toolkit can be deployed in any cloud or hybrid cloud environment.

These starter kits offer an excellent starting point to operationalizing and industrializing AI-powered applications and making them ready for production, using open source and Red Hat OpenShift technologies. The starter kit speeds up the development, deployment, and innovation with a set of opinionated approaches/tools.

Meritocracy in these "New Japan'' companies is now becoming a function of increased performance transparency. It involves collaboration which impacts on their management and organizational structure, adaptation to a changing world, increased transparency between foreign and Japanese companies and builds a global community to address a wide range of issues. Simply, they had to invest to rapidly put all open organization principles to work.

As I mentioned above, change is hard for Japanese companies because of what Schaede calls a "tight culture," a term she borrows from Michele J. Gelfand's book, Rule Makers, Rule Breakers. Summarizing it, Schaede writes

Tight cultures, such as Japan's, are characterized by strong norms for what constitutes the "right" behavior, as well as strong mechanisms for ostracizing deviants. In contrast, loose cultures, such as that in the United States, have a much wider definition of what is acceptable and do not sanction noncompliance to nearly the same degree.

In this kind of "tight" corporate culture, introducing a more flexible and creative work environment must be done in a highly regimented, methodical way to encourage employees to embrace less structured work approaches. Tight cultures also lend themselves to what Schaede calls "soft law" approaches to regulation, where exposing problems, nudging, and shaming are the primary levers driving activity. For Japan, using social transparency of actions and then applying shaming, exclusion, peer pressure, and what Schaede calls "nudging" are all that is needed for change to occur.

When we talk about metrics in software delivery, developers usually think of execution metrics – things like throughput, delivery, and number of deploys. These are often used to track team performance or determine efficiency, but in reality, these metrics don’t motivate anyone or provide a holistic picture of results – at least not without connecting them to a bigger picture.

When developers understand how their day-to-day work directly impacts the company’s goals and vision, they’re able to understand their impact and will want to do better. When they want to do better, they want metrics to get them there.

Here are four ways managers can motivate their developer teams to get behind metrics and find the right ones to track.